From b60874cbb0da1c30dba041d2de5aa0dad70c8be7 Mon Sep 17 00:00:00 2001 From: Max Metz Date: Wed, 14 Aug 2024 15:49:28 +0200 Subject: [PATCH] shipcall, ship, times and user verify the validity of JSON data when receiving POST/PUT requests. --- src/server/BreCal/api/__init__.py | 15 +++++++++++++++ src/server/BreCal/api/shipcalls.py | 5 +++++ src/server/BreCal/api/ships.py | 7 +++++++ src/server/BreCal/api/times.py | 5 +++++ src/server/BreCal/api/user.py | 3 +++ 5 files changed, 35 insertions(+) diff --git a/src/server/BreCal/api/__init__.py b/src/server/BreCal/api/__init__.py index e69de29..40d2663 100644 --- a/src/server/BreCal/api/__init__.py +++ b/src/server/BreCal/api/__init__.py @@ -0,0 +1,15 @@ + + +import json +import logging +from flask import request + +def verify_if_request_is_json(request): + """ + when a request contains invalid JSON data, this function raises a 400 error (bad request) and returns an error description. + this function avoids less precise 500 Internal Server Error messages. + """ + if request.is_json: + # when invalid json data is posted, a JSONDecodeError will be raised + json.loads(request.data) + return \ No newline at end of file diff --git a/src/server/BreCal/api/shipcalls.py b/src/server/BreCal/api/shipcalls.py index 68a927e..fb74627 100644 --- a/src/server/BreCal/api/shipcalls.py +++ b/src/server/BreCal/api/shipcalls.py @@ -7,6 +7,7 @@ from ..services.auth_guard import auth_guard, check_jwt from BreCal.validators.input_validation import validate_posted_shipcall_data, check_if_user_is_bsmd_type from BreCal.validators.input_validation_shipcall import InputValidationShipcall from BreCal.database.sql_handler import execute_sql_query_standalone +from . import verify_if_request_is_json import logging import json @@ -43,6 +44,8 @@ def GetShipcalls(): def PostShipcalls(): try: + verify_if_request_is_json(request) + content = request.get_json(force=True) loadedModel = model.ShipcallSchema().load(data=content, many=False, partial=True) 
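Review bot: The `if request.is_json:` guard in `verify_if_request_is_json` skips the check whenever the Content-Type is not JSON, while every caller in this patch then parses the body with `request.get_json(force=True)`, which ignores the Content-Type; a malformed body sent with another media type therefore still reaches the handler unchecked. Dropping the guard and calling `json.loads(request.get_data())` unconditionally would make the check cover the same input the handlers parse. The docstring also promises a 400, but the function only lets `json.JSONDecodeError` propagate, so I would reword it to `raises json.JSONDecodeError on a malformed body; the caller is responsible for mapping it to a 400 response`. The `request` parameter shadows the `flask.request` import, and `logging` is unused in this file.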
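Review bot: In `PostShipcalls` the new call sits inside a `try:` whose `except` clauses lie outside this hunk, so the `json.JSONDecodeError` it raises only becomes a 400 if one of them handles it explicitly; if it falls through to a generic handler, the client presumably still gets a 500. I would add a dedicated `except json.JSONDecodeError as ex:` branch that returns status 400 with a short error description. The body is also decoded twice on every valid request, once by `json.loads` and again by `request.get_json(force=True)`. The same applies to `PutShipcalls`, `PostTimes`, `PutTimes` and `PutUser`.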
@@ -71,6 +74,8 @@ def PostShipcalls(): def PutShipcalls(): try: + verify_if_request_is_json(request) + content = request.get_json(force=True) loadedModel = model.ShipcallSchema().load(data=content, many=False, partial=True) diff --git a/src/server/BreCal/api/ships.py b/src/server/BreCal/api/ships.py index 8690a5c..31b6cf6 100644 --- a/src/server/BreCal/api/ships.py +++ b/src/server/BreCal/api/ships.py @@ -5,6 +5,7 @@ from marshmallow import EXCLUDE, ValidationError from ..schemas import model import json import logging +from . import verify_if_request_is_json from BreCal.validators.input_validation import check_if_user_is_bsmd_type from BreCal.validators.input_validation_ship import InputValidationShip @@ -27,6 +28,8 @@ def GetShips(): def PostShip(): try: + verify_if_request_is_json(request) + # read the user data from the JWT token (set when login is performed) user_data = check_jwt() @@ -55,6 +58,8 @@ def PostShip(): def PutShip(): try: + verify_if_request_is_json(request) + # read the user data from the JWT token (set when login is performed) user_data = check_jwt() @@ -77,6 +82,8 @@ def PutShip(): def DeleteShip(): try: + verify_if_request_is_json(request) + # read the user data from the JWT token (set when login is performed) user_data = check_jwt() ship_id = request.args.get("id") diff --git a/src/server/BreCal/api/times.py b/src/server/BreCal/api/times.py index e1b3786..131673f 100644 --- a/src/server/BreCal/api/times.py +++ b/src/server/BreCal/api/times.py @@ -6,6 +6,7 @@ import json import logging from marshmallow import ValidationError from BreCal.validators.input_validation_times import InputValidationTimes +from . import verify_if_request_is_json bp = Blueprint('times', __name__) @@ -25,6 +26,8 @@ def GetTimes(): def PostTimes(): try: + verify_if_request_is_json(request) + # print (request.is_json) content = request.get_json(force=True) # force gets us json even if the content-type was wrong 
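Review bot: In `PostShip` and `PutShip` the body check runs before `check_jwt()`, so the request body is parsed before the token data is read. Whether a route decorator outside these hunks already authenticates the request is not visible here; if none does, unauthenticated callers get their bodies parsed by the server. Moving the call below `user_data = check_jwt()` keeps token handling ahead of body parsing.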
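Review bot: `DeleteShip` takes its input from the query string (`request.args.get("id")`), so the added `verify_if_request_is_json(request)` validates a body the handler never reads. A DELETE sent with a JSON Content-Type and an empty body would now fail, because `json.loads` raises on empty input, and the commit subject only mentions POST/PUT. I would drop the call from this handler, or validate the `id` query parameter instead. The rest of `DeleteShip` lies outside the hunk.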
@@ -56,6 +59,8 @@ def PostTimes(): def PutTimes(): try: + verify_if_request_is_json(request) + content = request.get_json(force=True) loadedModel = model.TimesSchema().load(data=content, many=False, partial=True) diff --git a/src/server/BreCal/api/user.py b/src/server/BreCal/api/user.py index 2c3c1a0..6416704 100644 --- a/src/server/BreCal/api/user.py +++ b/src/server/BreCal/api/user.py @@ -5,6 +5,7 @@ from ..services.auth_guard import auth_guard import json import logging from marshmallow import ValidationError +from . import verify_if_request_is_json bp = Blueprint('user', __name__) @@ -13,6 +14,8 @@ bp = Blueprint('user', __name__) def PutUser(): try: + verify_if_request_is_json(request) + content = request.get_json(force=True) loadedModel = model.UserSchema().load(data=content, many=False, partial=True)